Spam, Unwanted Advertisements and Ransom Demands
Attempts to delete volume shadow copies
api_command_line | vssadmin.exe delete shadows /all /quiet |
Malware Analysis System Evasion
Possible date expiration check, exits too soon after checking local time
api_process_name | cmd.exe, PID 2168 |
Network activity detected but not expressed in API logs